Part�I.�Concepts and Configuration Issues
�
�
�
Part�I.�Concepts and Configuration Issues
Table of Contents
1. An Overview of OpenAFS Administration
A Broad Overview of AFS
AFS: A Distributed File System
Servers and Clients
Cells
Transparent Access and the Uniform Namespace
Volumes
Efficiency Boosters: Replication and Caching
Security: Mutual Authentication and Access Control Lists
More Detailed Discussions of Some Basic Concepts
Networks
Distributed File Systems
Servers and Clients
Cells
The Uniform Namespace and Transparent Access
Volumes
Mount Points
Replication
Caching and Callbacks
AFS Server Processes and the Cache Manager
The File Server
The Basic OverSeer Server
The Protection Server
The Volume Server
The Volume Location (VL) Server
The Salvager
The Update Server
The Backup Server
The Cache Manager
The Kerberos KDC
The Network Time Protocol Daemon
2. Issues in Cell Configuration and Administration
Differences between AFS and UNIX: A Summary
Differences in File and Directory Protection
Differences in Authentication
Differences in the Semantics of Standard UNIX Commands
The AFS version of the fsck Command and inode-based fileservers
Creating Hard Links
AFS Implements Save on Close
Setuid Programs
Choosing a Cell Name
How to Set the Cell Name
Why Choosing the Appropriate Cell Name is Important
Participating in the AFS Global Namespace
What the Global Namespace Looks Like
Making Your Cell Visible to Others
Making Other Cells Visible in Your Cell
Granting and Denying Foreign Users Access to Your Cell
Configuring Your AFS Filespace
The Top /afs Level
The Second (Cellname) Level
The Third Level
Creating Volumes to Simplify Administration
Assigning Volume Names
Grouping Related Volumes on a Partition
When to Replicate Volumes
The Default Quota and ACL on a New Volume
Configuring Server Machines
Replicating the OpenAFS Administrative Databases
AFS Files on the Local Disk
Configuring Partitions to Store AFS Data
Monitoring, Rebooting and Automatic Process Restarts
Configuring Client Machines
Configuring the Local Disk
Enabling Access to Foreign Cells
Using the @sys Variable in Pathnames
Setting Server Preferences
Configuring AFS User Accounts
Choosing Usernames and Naming Other Account Components
Grouping Home Directories
Making a Backup Version of User Volumes Available
Creating Standard Files in New AFS Accounts
Using AFS Protection Groups
The Three System Groups
The Two Types of User-Defined Groups
Login and Authentication in AFS
Identifying AFS Tokens by PAG
Using an AFS-modified login Utility
Using Two-Step Login and Authentication
Obtaining, Displaying, and Discarding Tokens
Setting Default Token Lifetimes for Users
Changing Passwords
Imposing Restrictions on Passwords and Authentication Attempts
Support for Kerberos Authentication
Security and Authorization in AFS
Some Important Security Features
Three Types of Privilege
Authorization Checking versus Authentication
Improving Security in Your Cell
A More Detailed Look at Mutual Authentication
Backing Up AFS Data
Backup Volumes
The AFS Backup System
Accessing AFS through NFS